Initiative aims to protect 50 genuine brands and government organisations from being impersonated by cyber criminals

The UK’s banking and finance sector has linked up with the mobile industry in a new bid to block scam text messages exploiting the Covid-19 coronavirus pandemic from reaching their targets, and make sure legitimate messages get through.

It aims to protect 50 genuine brands and government organisations from being impersonated by cyber criminals, and has already compiled a blocklist of 400 unauthorised sender IDs to prevent them from being used to mimic such organisations – 70 of them are related to Covid-19 specifically.

“We are pleased to be supporting this experiment, which is yielding promising results,” said NCSC technical director Ian Levy. “The UK government’s recent mass-text campaign on Covid-19 has demonstrated the need for such industry collaboration in order to protect consumers from these kind of scams.”

Scam texts such as the ones referred to by Levy – which include an example seen by Computer Weekly in which recipients were informed that they had been seen leaving their homes more frequently than the lockdown regulations permit and would therefore be fined by the police – are frequently spoofed to make them seem more convincing.

Criminals can, for example, change the sender ID that appears at the top of a text message to mimic a genuine organisation. In the case of texts exploiting the UK government response to coronavirus, these have been sent using +Gov_UK instead of the genuine UK_Gov.

It is also possible to copy genuine sender IDs, making a fake message pop up in a chain of texts alongside genuine messages from the legitimate sender.

In the new initiative, the MEF has introduced a white list that allows legitimate organisations to register and protect their sender IDs, which limits cyber criminals’ ability to send text messages using the same sender ID. At the time of writing, 172 trusted sender IDs have been registered.
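The checks described above (a blocklist of impersonating IDs, a registry of protected IDs, and the two spoofing styles) can be sketched as a message filter. This is an added example, not the MEF registry's own code: the binding of a sender ID to an authorised route, the route names and every sample ID other than UK_Gov and +Gov_UK are assumptions.

```python
import re

# Constructed sample data. Only UK_Gov (genuine) and +Gov_UK (spoof) come from the
# article; the route names and the registry layout are assumptions for illustration.
REGISTRY = {"UK_Gov": {"aggregator-a"}}   # protected sender ID -> authorised routes
BLOCKLIST = {"+Gov_UK"}                   # sender IDs already reported as impersonation

# Common digit-for-letter swaps used to make a lookalike ID.
_SWAPS = str.maketrans("015", "ols")


def canonical(sender_id):
    """Reduce a sender ID to an order- and punctuation-independent set of words."""
    folded = sender_id.casefold().translate(_SWAPS)
    return frozenset(t for t in re.split(r"[^a-z0-9]+", folded) if t)


def classify(sender_id, route):
    """Return (action, reason) for a message arriving with sender_id over route."""
    if sender_id in BLOCKLIST:
        return ("block", "blocklisted sender ID")
    if sender_id in REGISTRY:
        # An exact copy of a genuine ID can only be told apart by where it came from.
        if route in REGISTRY[sender_id]:
            return ("allow", "registered sender on authorised route")
        return ("block", "protected sender ID on unauthorised route")
    for protected in REGISTRY:
        if canonical(sender_id) == canonical(protected):
            return ("block", "lookalike of " + protected)
    return ("allow", "sender ID not protected")


if __name__ == "__main__":
    samples = [("UK_Gov", "aggregator-a"), ("UK_Gov", "aggregator-z"),
               ("+Gov_UK", "aggregator-z"), ("GOV-UK", "aggregator-z"),
               ("UK_G0v", "aggregator-z"), ("Pizza4U", "aggregator-z")]
    for sender, route in samples:
        print(sender, route, classify(sender, route))
```

The exact-copy case is the one a name check alone cannot catch, which is why the sketch keys the decision on the route as well as the ID.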

“All stakeholders involved in business messaging have a responsibility to follow industry best practice and proactively work together to be one step ahead of the fraudsters,” said Joanne Lacey, COO at the MEF. “The SMS SenderID Protection Registry is a tactical solution to mitigate smishing and spoofing, backed by MEF’s A2P SMS code of conduct.

“Through the registry, the industry has been able to support the UK government’s campaign and demonstrate the vital role of messaging, not least in times of emergency and crisis.”


Mobile UK policy and communications head Gareth Elliott added: “Mobile companies work hard to protect their customers from fraud and the contribution from the industry to the registry will help reduce the number of scam texts pretending to be from trusted brands. This gives much-needed protection against fraud, including for the most vulnerable customers.”

Katy Worobec, managing director of economic crime at UK Finance, said that in spite of the new initiative, it was still incumbent on end-users to some extent to be on their guard against cyber criminals exploiting the pandemic to commit fraud.

“Always follow the advice of the Take Five to Stop Fraud campaign and avoid clicking on links in any unsolicited text messages in case it’s a scam,” she said. “Remember, you can report suspicious texts by forwarding the original message to 7726, which spells SPAM on your keypad.”
